Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-7991

    Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.... Read more

    Affected Products : exponent_cms
    • Published: Apr. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-9954

    The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern.... Read more

    Affected Products : irregex
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-5399

    The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.... Read more

    Affected Products : php
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5168

    Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information.... Read more

    Affected Products : chrome
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-3702

    Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.... Read more

    Affected Products : cloudforms_management_engine
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-3109

    The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : shopware
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-3067

    Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.... Read more

    Affected Products : cygwin
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-2433

    The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel.... Read more

    Affected Products : android
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-2347

    Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.... Read more

    Affected Products : debian_linux leap opensuse lhasa
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-2173

    org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.... Read more

    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-1561

    ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.... Read more

    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-1560

    ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or ... Read more

    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-1520

    The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.... Read more

    Affected Products : wave
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-1519

    The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.... Read more

    Affected Products : wave
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-1518

    The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive infor... Read more

    Affected Products : wave
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-1221

    Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : jetstar
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-1210

    The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : 105_bank
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-1198

    Photopt for Android before 2.0.1 does not verify SSL certificates.... Read more

    Affected Products : photopt
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2016-1187

    Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.... Read more

    Affected Products : kunai
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-1186

    Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.... Read more

    Affected Products : kintone
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293704 Results